AWS-EKS-02--创建集群

发表于 2023-07-06 更新于 2024-04-03 分类于技术， aws ， eks

阅读次数：本文字数： 1.9k 阅读时长 ≈ 7 分钟

摘要

本文介绍在AWS中创建EKS集群的过程
参考资料：
- Amazon EKS用户指南
- Kubernetes 文档

创建eks集群

使用eksctl创建集群，当前默认安装k8s-1.25，如果要安装其它EKS支持的k8s版本，比如要安装1.26，则需要加上--version 1.26
如下命令会创建新的VPC，并基于该VPC创建一个新的eks集群，默认创建2个工作节点

# 当前默认是安装k8s-1.25，安装过程大约15分钟，
$ eksctl create cluster --name eks-lexing  --profile eks-us-west-2
2023-06-27 16:49:07 [ℹ]  eksctl version 0.146.0
2023-06-27 16:49:07 [ℹ]  using region us-west-2
2023-06-27 16:49:07 [ℹ]  setting availability zones to [us-west-2a us-west-2b us-west-2d]
2023-06-27 16:49:08 [ℹ]  subnets for us-west-2a - public:192.168.0.0/19 private:192.168.96.0/19
2023-06-27 16:49:08 [ℹ]  subnets for us-west-2b - public:192.168.32.0/19 private:192.168.128.0/19
2023-06-27 16:49:08 [ℹ]  subnets for us-west-2d - public:192.168.64.0/19 private:192.168.160.0/19
2023-06-27 16:49:08 [ℹ]  nodegroup "ng-4d9024eb" will use "" [AmazonLinux2/1.25]
2023-06-27 16:49:08 [ℹ]  using Kubernetes version 1.25
2023-06-27 16:49:08 [ℹ]  creating EKS cluster "eks-lexing" in "us-west-2" region with managed nodes
2023-06-27 16:49:08 [ℹ]  will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
2023-06-27 16:49:08 [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-2 --cluster=eks-lexing'
2023-06-27 16:49:08 [ℹ]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "eks-lexing" in "us-west-2"
2023-06-27 16:49:08 [ℹ]  CloudWatch logging will not be enabled for cluster "eks-lexing" in "us-west-2"
2023-06-27 16:49:08 [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=us-west-2 --cluster=eks-lexing'
2023-06-27 16:49:08 [ℹ]
2 sequential tasks: { create cluster control plane "eks-lexing",
    2 sequential sub-tasks: {
        wait for control plane to become ready,
        create managed nodegroup "ng-4d9024eb",
    }
}
2023-06-27 16:49:08 [ℹ]  building cluster stack "eksctl-eks-lexing-cluster"
2023-06-27 16:49:09 [ℹ]  deploying stack "eksctl-eks-lexing-cluster"
2023-06-27 16:49:39 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:50:09 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:51:09 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:52:09 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:53:09 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:54:09 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:55:09 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:56:10 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:57:10 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 16:58:10 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-cluster"
2023-06-27 17:00:15 [ℹ]  building managed nodegroup stack "eksctl-eks-lexing-nodegroup-ng-4d9024eb"
2023-06-27 17:00:16 [ℹ]  deploying stack "eksctl-eks-lexing-nodegroup-ng-4d9024eb"
2023-06-27 17:00:16 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-nodegroup-ng-4d9024eb"
2023-06-27 17:00:46 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-nodegroup-ng-4d9024eb"
2023-06-27 17:01:25 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-nodegroup-ng-4d9024eb"
2023-06-27 17:03:16 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-nodegroup-ng-4d9024eb"
2023-06-27 17:03:16 [ℹ]  waiting for the control plane to become ready
2023-06-27 17:03:16 [✔]  saved kubeconfig as "/Users/hanqf/.kube/config"
2023-06-27 17:03:16 [ℹ]  no tasks
2023-06-27 17:03:16 [✔]  all EKS cluster resources for "eks-lexing" have been created
2023-06-27 17:03:17 [ℹ]  nodegroup "ng-4d9024eb" has 2 node(s)
2023-06-27 17:03:17 [ℹ]  node "ip-192-168-16-155.us-west-2.compute.internal" is ready
2023-06-27 17:03:17 [ℹ]  node "ip-192-168-48-14.us-west-2.compute.internal" is ready
2023-06-27 17:03:17 [ℹ]  waiting for at least 2 node(s) to become ready in "ng-4d9024eb"
2023-06-27 17:03:17 [ℹ]  nodegroup "ng-4d9024eb" has 2 node(s)
2023-06-27 17:03:17 [ℹ]  node "ip-192-168-16-155.us-west-2.compute.internal" is ready
2023-06-27 17:03:17 [ℹ]  node "ip-192-168-48-14.us-west-2.compute.internal" is ready
2023-06-27 17:03:19 [ℹ]  kubectl command should work with "/Users/hanqf/.kube/config", try 'kubectl get nodes'
2023-06-27 17:03:19 [✔]  EKS cluster "eks-lexing" in "us-west-2" region is ready

eks集群创建成功后会在~/.kube/config文件中自动加上集群的配置信息

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJek1EWXlPREEyTWpNeU1Wb1hEVE16TURZeU5UQTJNak15TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXJVCk94RHJUTHR1lKeWUzUkQxQXFpeTdnUCtROApGdGNOSkNaUzJHSkV3d1hYcmZEK25YL0F1dFo2NVh0ZVR0KzdNZmdnQW1UVWNSaTM0cEhJcVhmN0R0eHY2VnhJCnVBUk9rbzhQRWIyNUpsYVRDRU9GWkRHeXJPdjlDMjE0ZEdudzJFRFV2QVJMR0E1bW5PN0EwanZlRG1zQWcrTzgKZGx3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://1029FF88CB872B655555565D44191A56.gr7.us-west-2.eks.amazonaws.com
  name: eks-lexing.us-west-2.eksctl.io
contexts:
- context:
    cluster: eks-lexing.us-west-2.eksctl.io
    user: hanqunfeng@eks-lexing.us-west-2.eksctl.io
  name: hanqunfeng@eks-lexing.us-west-2.eksctl.io
current-context: hanqunfeng@eks-lexing.us-west-2.eksctl.io
kind: Config
preferences: {}
users:
- name: hanqunfeng@eks-lexing.us-west-2.eksctl.io
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - eks
      - get-token
      - --output
      - json
      - --cluster-name
      - eks-lexing
      - --region
      - us-west-2
      command: aws
      env:
      - name: AWS_STS_REGIONAL_ENDPOINTS
        value: regional
      - name: AWS_PROFILE
        value: eks-us-west-2
      interactiveMode: IfAvailable
      provideClusterInfo: false

~/.kube/config文件说明
- clusters : 集群基本信息，可以配置多个，其包含certificate-authority-data–证书和server–API 服务器终端节点，这部分内容可以在aws控制台"EKS–集群–eks-lexing"中查看到。
- users : 用户认证信息，可以配置多个，这里可以看到是基于aws命令进行认证的。
- contexts : 上下文环境信息，这部分会将clusters与users进行一对一关联。
- current-context : 当前默认的集群上下文。
- 文件内容编辑后立即生效。
如果要在~/.kube/config中加入已经创建好的集群，可以通过如下命令实现，当然，手工编辑文件也可以。

$ aws eks update-kubeconfig --name eks-lexing  --profile eks-us-west-2
# 或者
$ export AWS_PROFILE=eks-us-west-2
$ aws eks update-kubeconfig --name eks-lexing

通过当前IAM帐号创建的eks，则只有该帐号有权限管理和查看，如果希望其它帐号也有权限，则需要进行授权，这个后面会介绍。
验证是否可以访问集群

# 查看节点组信息
$ eksctl get nodegroup --cluster eks-lexing --profile eks-us-west-2
CLUSTER		NODEGROUP	STATUS	CREATED			MIN SIZE	MAX SIZE	DESIRED CAPACITY	INSTANCE TYPE	IMAGE ID	ASG NAME				TYPE
eks-lexing	ng-4d9024eb	ACTIVE	2023-06-28T06:30:03Z	2		5		2			m5.large	AL2_x86_64	eks-ng-4d9024eb-20c48058-e974-c6ec-786a-516c31131604	managed

# 查看集群的命名空间，这里使用了kubectl的别名k
$ k get ns
NAME              STATUS   AGE
default           Active   11m
kube-node-lease   Active   11m
kube-public       Active   11m
kube-system       Active   11m

登录aws控制台，查看us-west-2下的EC2,VPC,CloudFormation,EKS等等，可以看到相应的资源已经创建完成。
EC2实例: 工作节点实例

EBS: 工作节点挂载的卷

Auto Scaling 组: 节点组

弹性IP:

安全组：

VPC:

EKS: 这里eks升级到1.26了，升级eks后面会介绍